Help Desk password reset tool?

Mike Schlenk
Veteran Member
Posts: 71
I'm digging deep into the SSO servlets looking for a way to enter a call in a pflow to force the LDAP sync. If anyone has any ideas, it would be much appreciated.
Deleted User
New Member
Posts: 0
newbie question: where are the SSO servlets located?
John Desmarais
Basic Member
Posts: 20

We did the scripted ssoconfig thing during the time in between implementing LSF9 and doing the ldapbind.  In our case, we use an enterprise-wide password maintenance tool (Entact) but the basic idea would work without it as all it did in our case was deliver an xml file.  I won't claim it was elegant, but it worked.  The biggest downside is that you're passing passwords around as plain text.  What you would need to create is a program that the help desk would use that would let them enter an id and password, then create and deliver the xml file. The xml file looked like the attachment (where cdh034 is the user id and newpawd is the password):

We then had a cron driven script executing ssoconfig (where ???????? is your ssoconfig password):

    #  Script to look through the directory FTPHub drops entact requests
    #  into and process them through ssoconfig.
    #  Written for ksh (uses print).
    . cv lawprod
    ENTACTDIR=/lawson/lawprod/law/entact
    LISTFILE=$ENTACTDIR/list
    LOGFILE=/lawson/lawprod/law/system/ChangeSSOPassword.log
    DATESTAMP=$(date '+%D %r')
    # Check to see if there is a lase process
    # (the grep itself shows up in ps, hence the count of 2)
    if (( $(ps -ef | grep lase | wc -l) >= 2 )); then
       # Collect the pending request files
       ls $ENTACTDIR/UserID*.xml > "$LISTFILE" 2> /dev/null
       if [[ -s $LISTFILE ]]
       then
          exec 0<"$LISTFILE"
          while read NAME
          do
             print "$DATESTAMP  Updating password" >> "$LOGFILE"
             fgrep "" "$NAME" >> "$LOGFILE"
             ssoconfig -l ???????? "$NAME" >> "$LOGFILE"
             # Remove the request file once it has been processed
             rm -f "$NAME" >> "$LOGFILE"
          done
       fi
       rm -f "$LISTFILE"
    fi

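The drop-directory loop described in the post above, reworked around the plain-text password concern raised in this thread, as an added example that is not part of the original posts: request files are accepted only if they are regular files with owner-only permissions, the log records file names instead of file contents, and every request file is deleted whether accepted or rejected. The function names, the handler argument (a command that would wrap the ssoconfig call) and the timestamp format are assumptions; only the `UserID*.xml` naming comes from the post.

```shell
# Added example, not the original poster's script. Paths and the handler name
# are constructed; in production the handler would wrap the ssoconfig call.

# Accept only a regular, non-symlink file whose mode is owner-only (600 or 400).
request_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld -- "$1" | cut -c1-10) in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# Log timestamp, outcome and file name only; the log is created owner-only.
log_request() {   # args: file outcome logfile
    ( umask 077
      printf '%s  %s  %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$2" "${1##*/}" >> "$3" )
}

# Process every request in the drop directory; print how many were accepted.
process_dropdir() {   # args: dropdir logfile handler
    accepted=0
    for f in "$1"/UserID*.xml; do
        [ -e "$f" ] || [ -L "$f" ] || continue      # unmatched glob stays literal
        if request_file_ok "$f"; then
            log_request "$f" accepted "$2"
            "$3" "$f" && accepted=$((accepted + 1))
        else
            log_request "$f" "rejected: type or permissions" "$2"
        fi
        rm -f -- "$f"        # never leave a plain-text password on disk
    done
    echo "$accepted"
}
```

This does not address the ssoconfig password given on the command line, which remains visible in the process list while the command runs.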
Kwane McNeal
Veteran Member
Posts: 479
Sorry, I hadn't been watching this list actively lately. I missed a few questions out here.

John Desmarais is a really bright guy, and his solution would work well. As he said NOT OPTIMAL, but does work. I'm with him on the plain-text passwords. Lawson (if you're reading), give us a command line tool to encrypt the passwords for ssoconfig, like with BPM config.

The other major method would be to emulate the LSGate calls the Security Client uses internally.

Kwane
Mike Schlenk
Veteran Member
Posts: 71
I found ssoconfig to be unreliable with the -l tag.

I ended up using processflow with a custom service that picks up a csv. This csv is populated from another web site that authenticates either by helpdesk assigned temporary password or Novell authentication. Since Lawson ids always begin with the Novell ID, it works kind of like a self-help.

I'd really like to utilize the same bouncy castle routines to encrypt the password in order to get past the (up to) 15 minute delay. At least until we do the LDAP bind.

Thanks for all of the input.